- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 13 December 2002.

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1, 5-8, 10, 14-17, 22 and 25-33 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) [ ] Claim(s) ____ is/are allowed.

6) [X] Claim(s) 1, 5-8, 10, 14-17, 22 and 25-33 is/are rejected.

7) [ ] Claim(s) ____ is/are objected to.

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [X] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) [ ] The proposed drawing correction filed on ____ is: a) [ ] approved b) [ ] disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) [ ] The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§ 119 and 120

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) [ ] All b) [ ] Some* c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. ____.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) [ ] The translation of the foreign language provisional application has been received.

15) [X] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

Attachment(s)

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO-1449) Paper No(s). ____
4) [ ] Interview Summary (PTO-413) Paper No(s). ____
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other: ____

DETAILED ACTION

1. This application has been examined.

2. Amendment A, Paper #2, received 9/7/2001, has been entered into record. 

3. Claims 1, 5-8, 10, 14-17, 22, and 25-33 are now pending. 

Priority 

4. This application is a continuation of application 09/039,197, filed 3/13/1998, now 
abandoned. 

5. The effective filing date for the subject matter defined in the pending claims in this 
application which has support in the parent application is 3/13/1998. 

Drawings 

6. The Examiner contends that the drawings submitted on 7/3/2001 are acceptable for 
examination proceedings. 

Specification 

7. It is required that the first line of the specification accurately reflect a proper citation, 
along with proper current status, of any parent disclosures. While the amendment made to the 
specification on 9/7/2001 (Paper #2, Amendment A) incorporates the application number 
09/039,197, no status is associated with this application. Since this application is now 
abandoned, this should be reflected during the citation. Further, application 09/042,338, also 
recited in the initial portion of the specification fails to reflect its own abandoned status.

8. The specification improperly incorporates documentation on Page 5, Line 5. It is
required that any/all incorporated documentation, including the associated citation(s), be
complete, and proper, allowing a member of the public to isolate and retrieve the document. See,
inter alia, MPEP § 608.01(p).

Appropriate corrections are required. 

Claim Rejections - 35 USC §112

9. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

10. Claims 5, 28, and 33 are rejected under 35 U.S.C. §112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

11. Claim 5 recites the limitation "the connection device" in lines 1-2 of the claim. It is
unclear which of the required "at least one connection device(s)" is being referenced in this
claim, should more than one connection device be considered as part of the claimed invention.

12. Claim 28 recites the limitation "the routing computer" in lines 2-3 of the claim. It is 
unclear which of the required "at least two routing devices" is being referenced in this claim. 

13. Claim 33 recites "prevention of unauthorized communications between customers". It is 
unclear what terminal(s) are involved in this type of prevention, how it is carried out, and 
whether the recited clients, services, both, or neither, are "customers". 

Clarification is required. 

Claim Rejections - 35 USC §103 

14. The following is a quotation of 35 U.S.C. § 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made.

Application/Control Number: 09/898,977
Art Unit: 2144

15. This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. § 103(a), the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered therein were made absent any 
evidence to the contrary. Applicant is advised of the obligation under 37 CFR §1.56 to point out
the inventor and invention dates of each claim that was not commonly owned at the time a later 
invention was made in order for the examiner to consider the applicability of 35 U.S.C. § 103(c) 
and potential 35 U.S.C. § 102(f) or (g) prior art under 35 U.S.C. § 103(a). 

16. Claims 1, 5-8, 10, 14-17, 22, and 25-33 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Wesinger, Jr. et al. (U.S. Patent Number 5,898,830), hereinafter referred to as 
Wesinger. 

17. Wesinger disclosed logical assembly and addressing of both clients and server hosts
which were isolated from each other and various network segments by firewall(s), i.e.,
"connection device(s)", as claimed. See, inter alia, Column 8, Lines 1-15. These firewall(s)
were "routing devices", acting to "govern the flow of traffic", and "prevent[] unauthorized
access to the network", as claimed. See, inter alia, Column 1, Line 66 through Column 2, 
Line 21. Provision for independent flow monitoring, active routing policies, "single-point" 
access to specific sets of terminals "behind" each firewall, and definition of logical groupings 
(domains) of computers, client, services, etc., was evident in, inter alia, Column 4, Lines 12-29, 
Column 6, Lines 63-65, Column 8, Lines 34-62, and Column 13, Lines 42-65. "Broadcasting" 
was also evident, inter alia, in Column 13, Lines 15-53 and Column 15, Lines 20-46, since 
wildcards are used in the addressing mechanisms. A "broadcast domain" is known in the
art as a logical local network where broadcasts can be seen, for example, well known VPNs, or
VLANs. Other typical broadcast domains at the time of invention included cable-modem
networks, and Ethernet networks. Lastly, the logical grouping of clients/servers into groups was
evident in the Wesinger teachings, inter alia, in Column 4, Lines 20-29, and Column 4,
Lines 39-46, where virtual host sets were defined, and VPNs were constructed. Also, see, inter 
alia, Figure 2, where various logical grouping of terminal(s) was evident, i.e., accounting, 
engineering, and corporate network terminals. 

18. While Wesinger disclosed the invention substantially as claimed, it may be argued that 
Wesinger failed to disclose the presence of static route policies in the firewall(s), and various 
types of network media, for example, frame relay, ISDN, Internet, etc., and associated 
connection mechanisms used on these networks to effect connections between terminals. 

1. In regard to the failure for Wesinger teachings to specifically include static
routing policies in the firewall(s), Wesinger specifically disclosed firewall(s) having multiple
independently configurable network interfaces. See, Column 4, Lines 12-29. Also see, "multi-homing"
and "dimensional firewall" definition(s) provided, inter alia, in Column 6. Since the
firewall(s) routed and regulated information to/from one network interface to/from other network 
interfaces (inter alia, Column 8, Lines 1-15), and additionally implemented DNS name resolution 
(inter alia, Column 4, Lines 12-29), each firewall having a configuration table for access 
regulation (Column 9, Lines 53-60), and domain specific address resolution (inter alia, 
Column 9, Lines 1-51), and specific policies were described (inter alia, Column 16, 
Lines 43-67), the claimed provision for static routing policies would have been obvious to one of 
ordinary skill in the art at the time of invention. That is, since the Wesinger firewall(s) were 
enabled in routing devices, and routing devices typically implemented static routing policies, and 
Wesinger disclosed the use of static tables containing policy entries, the invention as claimed 
would have been obvious to one of ordinary skill in the art. Also, the "independent routing", as
claimed, was fully met by the provision for the firewall(s) to implement DNS/DDNS, since these
modules functioned to route messages to various named resources (hosts). 

2. In regard to the failing of Wesinger to describe various types of network mediums
and link(s) constructed between clients and services, it is noted that each type of connection set
forth in claims 5-8 and 14-17 was notoriously well known in the art at the time of invention, and
as such, would have been obvious to use to allow access to various remote network services,
specifically, to those services residing on a physically different network. This is further
evidenced by various services using differing connection types being disclosed, inter alia,
Column 3, Lines 49-61. Also, "tunneling" (a logical information transport) was known to
traverse each of these types of networks, using each of the named protocol families. The end
result was merely connectivity between a client terminal and a network "gateway" or boundary 
computer/firewall, eventually (upon authorization) effecting connectivity to network services. 

3. Examiner takes Official Notice (see MPEP § 2144.03) that frame relay, PPP, and 
ISDN connections, and general internet connectivity in a computer networking environment was 
well known in the art at the time the invention was made. The Applicant is entitled to traverse 
any/all official notice taken in this action according to MPEP § 2144.03. However, MPEP § 
2144.03 further states "See also In re Boon, 439 F.2d 724, 169 USPQ 231 (CCPA 1971) (a
challenge to the taking of judicial notice must contain adequate information or argument to 
create on its face a reasonable doubt regarding the circumstances justifying the judicial notice)." 
Specifically, In re Boon, 169 USPQ 231, 234 states "as we held in Ahlert, an applicant must be 
given the opportunity to challenge either the correctness of the fact asserted or the notoriety or 
repute of the reference cited in support of the assertion. We did not mean to imply by this
statement that a bald challenge, with nothing more, would be all that was needed". Further note
that 37 CFR § 1.671(c)(3) states "Judicial notice means official notice". Thus, a traversal by the
Applicant that is merely "a bald challenge, with nothing more" will be given very little weight.

19. Thus, since the combination of Wesinger and what would have been readily recognized
by one of ordinary skill in the art at the time of invention as obvious, claims 1, 5-8, 10, 14-17, 
22, and 25-33 are rejected. 



20. Claims 1, 5-8, 10, 14-17, 22, and 25-33 are rejected under 35 U.S.C. §103(a) as being 
unpatentable over "Network Firewalls", by Steven Bellovin et al, hereinafter referred to as
Bellovin, in view of Wiegel (U.S. Patent Number 6,484,261), hereinafter referred to as Wiegel, 
or alternatively, unpatentable over Wiegel in view of Bellovin. 

21. Bellovin disclosed the use of network firewalls acting to "govern the flow of traffic [and]
preventing unauthorized access to [a] network". This is the purpose of a firewall. See, inter alia, 
Page 50. Bellovin disclosed "types of firewalls" on Page 51, which described the location of a 
firewall at a boundary of two networks. Also see, Figure 1. In this section, Bellovin disclosed 
how all traffic from inside to outside, and vice-versa, must pass through the firewall. Bellovin 
also suggested "internal" firewalls, in addition to external "boundary" firewalls, to further 
prevent attacks for "sensitive portions of organization networks" network services from the 
internal network. See, Page 51, Column 2. The firewall was fully enabled to filter information. 
See, inter alia, Pages 51-54. Numerous types of firewalls were discussed, including those 
protecting site-specific network services. See, Page 56, Column 1.

22. Bellovin disclosed the invention substantially as claimed. While Bellovin disclosed the
abstract notion of an effective firewall, Bellovin did not specifically disclose the logical grouping 
of services, nor clients, into logical sets, or "domains". This type of logical grouping was 
assumed, since any "site specific services" were within the site "domain", typically having a 
common addressing scheme. However, any details of this addressing methodology, and how a 
firewall dealt with address translation, management, etc., was not expressly disclosed. 

23. In the same art of network firewall administration and security management, Wiegel 
disclosed a graphical user interface (GUI) to effect the logical grouping of arbitrary terminals 
and the implementation of specific security and routing policies for each arbitrary grouping. See, 
inter alia, Abstract, Column 4, Lines 20-24, and Column 28, Lines 45-64. Wiegel disclosed both 
static security and routing policies based on rules formulated through use of the GUI. See, inter 
alia, Column 26, Lines 56-65. The provision for multiple firewall(s) was also disclosed by 
Wiegel, inter alia, in Column 31, Lines 43-46. Since firewalls were enabled to have been 
utilized at a logical grouped level, and these firewalls used static routing policies, the provision 
for "at least two routing devices each implementing [routing] policy", as claimed, was met. 

24. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the firewall system of Bellovin with the GUI firewall security management 
methods provided by Wiegel in order to easily provide a simplistic programming interface for 
enabling the security and routing rules and provisions of an arbitrary firewall to an arbitrary set 
of network devices or services. See, inter alia, Bellovin, Pages 52-53, and Wiegel, Column 30,
Line 62 through Column 31, Line 60. Conversely, modification of the Wiegel system with the
overview and different varying firewall types as provided by Bellovin would have been obvious
at the time of invention in order to provide varying types of firewall technology, and firewall
filtering techniques, into a utilized security plan. See, inter alia, Wiegel, Column 31, 
Lines 36-49, and Bellovin, Page 51. 

25. Thus, it would have been obvious to one of ordinary skill in the art at the time of 
invention to combine the teachings of Bellovin and Wiegel to result in a multiple firewall 
security methodology, having a simplistic programming interface, providing two distinct 
firewalls (internal and external) using logical grouping of protected clients and services.

26. Claims 1, 5-8, 10, 14-17, 22, and 25-33 are rejected. 



27. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

28. The breadth of the claimed invention is creating difficulty in proper isolation of art which 
is drawn toward the combination as claimed. The logical grouping of computing equipment was 
well known in the art at the time of invention, as well as multiple firewalls, and static routing 
policies implemented in routing firewalls. It appears that the claimed invention should properly 
reside in VPN or VLAN technology, but this is not recited in the claims. Applicant is advised to 
narrow the claims sufficiently to help isolate a particular sector of the prior art for further 
narrowing of search and determination of relevant prior art. 

29. Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Marc Thompson whose telephone number is (703) 308-6750. 
The Examiner can normally be reached on Monday-Friday from 9am to 4pm. If attempts to
reach the Examiner by telephone are unsuccessful, the Examiner's supervisor, William
Cuchlinski, Jr., can be reached at (703) 308-3873. The fax phone number for this Group 
is (703) 872-9306. Inquiries of a general nature relating to the general status of this application 
or proceeding should be directed to the 2100 Group receptionist whose telephone number 
is (703) 305-3900.




Marc D. Thompson 
Primary Examiner 
Art Unit 2144 



